Stibbe - Will administrative fines for violation of the GDPR increase

Countdown 1 day until GDPR : Will administrative fines for violation of the GDPR increase compared to the fines imposed by current national regimes?

Only 1 more day to go before the GDPR becomes fully effective. Preparing your company for the application of this new regulation requires a correct understanding of its principles. Each week, we highlight one particular misconception regarding the interpretation of the GDPR.

Will administrative fines for violation of the GDPR increase compared to the fines imposed by current national regimes?

The maximum level of administrative fines will effectively increase compared to the fines imposed by current national regimes. The GDPR sets two categories of administrative fines.

Some violations, including violations concerning aspects such as privacy by design and privacy by default, records processing activities, security, personal data breach notifications, data protection impact assessments, the ​designation of a data protection officer etc., are subject to administrative fines up to EUR 10 million or up to 2% of the total worldwide annual turnover of the preceding financial year of the undertaking, whichever is higher.

Other violations, including violations concerning the basic principles for lawful processing, the conditions for valid consent, data subjects’ rights, transfers of data outside the EU, etc., are subject to administrative fines up to EUR 20 million or up to 4% of the total worldwide annual turnover of the preceding financial year of the undertaking.

Nevertheless, the GDPR puts forward as a key principle that each supervisory authority must ensure that the administrative fines in each case must be effective, proportionate, and dissuasive with respect to the violation. When deciding whether to impose an administrative fine and on the amount thereof, regard should be given to the specific circumstances of the violation, including the nature, gravity, and duration of the infringement, the intentional or negligent character, the degree of responsibility, any previous infringements, the financial benefits gained, etc.

Stibbe, together with Chiomenti, Cuatrecasas, GIDE and Gleiss Lutz, have gathered this useful information, reflecting some common misconceptions about the implementation of the GDPR.

Speaking slot - Sarah De Wulf, junior TMT associate, discusses SAP licensing agreements during a Beltug seminar on 20 February 2019.
Many of the Beltug members are customers of SAP and face daily questions and challenges regarding SAP's software licensing policies. These questions include (among others): how the licence models will evolve (especially in terms of the growth of cloud services) and how to cope with indirect access.

Articles - The Belgian law of 25 November 2018 containing various provisions relating to the National Register and the population registers, published in the Belgian Official Gazette on 13 December 2018, has amended the law of 8 August 1983 regulating the National Register and the use of the national identity number

Short Reads - A Brexit without a deal, or with a deal that does not cover all relevant aspects, is still a potential scenario. We have highlighted a number of unexpected legal consequences of Brexit in such a no deal or incomplete deal scenario.

Speaking slot - The discussion topic will cover various legal aspects relating to data lifecycle management, both for personal and non personal data. These aspects will include rights in and obligations regarding data, such retention obligations and portability rights. Practical suggestions on holistic data management and the role of the chief data officer will be debated.

Our website uses cookies: third party analytics cookies to best adapt our website to your needs & cookies to enable social media functionalities. For more information on the use of cookies, please check our Privacy and Cookie Policy. Please note that you can change your cookie opt-ins at any time via your browser settings.